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systems for supporting secure, interoperable transaction activity 
between plural parties. 

228. A system for securely administering user rights in 
commerce activities comprising a physical device including at 
least a portion of a portable VDE node, said device being 
configured to be compatible with mating connectors in host 
systems for supporting secure, interoperable transaction activity 
between plural parties. 

229. A method for enabling a programmable, electronic 
commerce environment characterized by the step of providing to 
multiple parties secure commerce nodes that securely process 
separate, modular component billing management methods, 
budgeting management methods, metering management 
methods, and related auditing management methods and further 
characterized by the step of supporting triggering of metering, 
auditing, b illing , and budgeting methods in response to electronic 
commerce event activities. 

230. A programmable, electronic commerce environment 
characterized by secure commerce nodes each including: 

means for securely processing separate, modular 
component billing management methods, budgeting management 
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methods, metering management methods, and related auditing 
management methods, and 

means for supporting triggering of metering, auditing, 
b illing , and budgeting methods in response to electronic 
commerce event activities. 

231. An electronic commerce system including modular, 
standardized control components comprising electronic commerce 
event control instructions stipulated by commerce participants, 
and plural electronic appliances cont ainin g one or more secure 
processing units which process at least a portion of such 
commerce event control instructions, said system further 
containing one or more databases, operatively connected to at 
least one of the secure processing units, for at least in part 
securely storing at least a portion of such control instructions for 
vise by said at least one secure processing unit. 

232. In an electronic commerce system including modular, 
standardized control components comprising electronic commerce 
event control instructions stipulated by commerce participants, 
and plural electronic appliances containing one or more secure 
processing units which process at least a portion of such 
commerce event control instructions, a method characterized by 
the step of providing one or more secure databases, operatively 
connected to at least one of the secure processing units, and at 



1004 



WO 96/27155 



PCT/US96/02303 



least in part securely storing, within the secure databases, at 
least a portion of such control instructions for use by said at least 
one secure processing unit. 

233. A content distribution system comprising plural 
electronic appliances containing one or more interoperable secure 
processing units operatively connected to one or more databases 
for use with at least one of said secure processing units, said one 
or more databases containing (a) one or more decryption keys for 
use in decrypting distributed, encrypted digital information, and 
(b) encrypted audit information, said audit information reflecting 
at least one aspect of use of said distributed digital information 

234. A content distribution method comprising; 
distributing plural electronic appliances containing one or 

more interoperable secure processing units 

operatively connecting the appliances to one or more 
databases, 

storing within said one or more databases one or more 
decryption keys, 

using the decryption keys for decrypting distributed, 
encrypted digital information, and 

storing within the one or more databases encrypted audit 
information, said audit information reflecting at least one aspect 
of use of said distributed digital information. 
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235. An electronic currency system comprising plural, 
electronic appliances containing (a) protected processing 
environments, (b) encrypted electronic currency and related 
secure control information configured so as to be useable by at 
least one of said protected processing environments, and (c) 
usage reporting means for securely co mmuni cating electronic 
currency usage related information from a first interoperable 
protected processing environment to a second interoperable 
protected processing environment. 

236. An electronic currency method comprising: 
distributing plural, electronic appliances containing (a) 

protected processing environments, (b) encrypted electronic 
currency and related secure control information configured so as 
to be useable by at least one of said protected processing 
environments, and 

securely communicating electronic currency usage related 
information from a first interoperable protected processing 
environment to a second interoperable protected processing 
environment. 

237. A method for electronic financial activities 
characterized by the steps of: 
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communicating digital containers containing 
financial information from a first interoperable 
secure node to a second interoperable secure node, 
communicating modular, standard control 
information to said second secure node to, at least in 
part, set the conditions for use of at least a portion of 
said financial information, 

reporting information related to said use to said first 
interoperable secure node. 

238. A system for electronic financial activities 
characterized by: 

means for communicating digital containers containing 
financial information from a first interoperable secure node to a 
second interoperable secure node, 

means for communicating modular, standard control 
information to said second secure node, 
means at the second node for, at least in part, setting the 
conditions for use of at least a portion of said financial 
information, and 

means for reporting information related to said use from 
the second secure node to said first interoperable secure node. 

239. A method for electronic currency management 
including: 
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communicating encrypted electronic currency from a first, 
interoperable secure user node to a second interoperable user 
node using at least one secure container, and 

providing secure control information for use with said at 
least one secure container, said secure control information, at 
least in part, maintaining conditionally anonymous currency 
usage information. 

240. A system for electronic currency management 
including: 

me ans for c ommunic ating encrypted electronic currency 
from a first, interoperable secure user node to a second 
interoperable user node using at least one secure container, and 

means for providing secure control information for use with 
said at least one secure container, said secure control 
information, at least in part, maintaining conditionally 
anonymous currency usage information. 

241. A method for electronic financial activities 
management characterized by the steps of: 

securely communicating from a first secure node to a 
second secure node financial information standardized control 
information for controlling the use of financial information used 
in a financial value chain, 
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securely commtinicating from said first secure node to a 
third secure node said financial information standardized control 
information for controlling the use of financial information used 
in a financial value chain, 

securely communicating encrypted financial information 
from said second secure node to said third secure node, including 
communicating secure control information, 
processing said financial information at said third node at least 
in part through the use of secure control information supplied by 
said first and said second secure nodes, wherein said 
standardized control information is at least in part stored in a 
secure database contained within said third secure node. 

242. A system for electronic financial activities 
management characterized by the steps of: 

means coupled to a first and a second secure node for 
securely communicating from said first secure node to said 
second secure node financial information standardized control 
information for controlling the use of financial information used 
in a financial value chain, 

means coupled between the first secure node and a third 
secure node for securely communicating from said first secure 
node to said third secure node said financial information 
standardized control information for controlling the use of 
financial information used in a financial value chain, 
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means coupled between the second and third nodes for 
securely co mmunic atin g encrypted financial information from 
said second secure node to said third secure node, including 
communicating secure control information, and 

means at the third node for processing said financial 
information at said third node at least in part through the use of 
secure control information supplied by said first and said second 

secure nodes, and 

a secure database at the third node for at least in part 
storing said standardized control information. 

243. A method of information management characterized 
by the steps of creating at least one smart object at a first 
location, protecting at least a portion of said smart object 
including protecting at least one rule and/or control assigned to 
said smart object, distributing said at least one smart object to at 
least one second location, securely processing at least a portion of 
the contents of said at least one smart object at said at least one 
second location in accordance with at least a portion of at least 
one said rule and/or control assigned to said smart object. 

244. An information management system characterized 

by: 

means for creating at least one smart object at a first 
location, 
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means for protecting at least a portion of said smart object 
including means for protecting at least one rule and/or control 
assigned to said smart object, 

means for distributing said at least one smart object to at 
least one second location, and 

means for securely processing at least a portion of the 
contents of said at least one smart object at said at least one 
second location in accordance with at least a portion of at least 
one said rule and/or control assigned to said smart object. 

245. An object processing system comprising at least one 
secure object containing at least in part protected executable 
content and at least one at least in part protected rule and/or 
control associated with operations related to the execution of 
such content, and at least one secure execution environment for 
processing the executable content in accordance with at least a 
portion of at least one of said at least one associated rule and/or 
control. 

246. An object processing method comprising: 
providing at least one secure object cont ainin g at least in 

part protected executable content and at least one at least in part 
protected rule and/or control associated with operations related 
to the execution of such content, 
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processing, within at least one secure execution 
environment, the executable content in accordance with at least a 
portion of at least one of said at least one associated rule and/or 
control. 

247. A rights distributed database environment including 
(a) means allowing one or more central authorities to establish 
control information for use of encrypted digital information, (b) 
interoperable database management systems at plural user sites 
for securely storing control information and audit information, (c) 
secure communication means for securely communicating control 
information and audit information between user sites, and (d) 
centralized database means for compiling and analyzing usage 
information from plural user sites. 

248. Within a rights distributed database environment, a 
method characterized by the following steps: 

establishing control information for use of encrypted digital 

information, 

securely storing, within interoperable database 
management systems at plural user sites, control information 
and audit information, 

securely co mmuni cating control information and audit 
information between user sites, and 
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user sites. 

249. A method of distributed database searching 
characterized by the steps of creating at least one secure object 
containing search criteria, transmitting at least one such secure 
object to one or more second locations to perform database 
searches in accordance with at least one rule and/or control, 
processing at least one database search based at least in part on 
the search criteria within a secure object in accordance with at 
least a portion of at least one of the said at least one associated 
rule and/or control, storing database search results in the same 
and/or one or more new secure objects, and transmitting the 
secure object containing search results to the first location. 

250. A method as in claim 247 further characterized by the 
additional step of associating at least one additional rule and/or 
control with the search results for establishing at least one 
condition related to the use of at least one portion of said search 
results. 

251. A system for distributed database searching 
characterized by: 

means for creating at least one secure object containing 
search criteria, 
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means for transmitting at least one such secure object to 
one or more second locations to perform database searches in 
accordance with at least one rule and/or control, 

means for processing at least one database search based at 
least in part on the search criteria within a secure object in 
accordance with at least a portion of at least one of the said at 
least one associated rule and/or control, 

means for storing database search results in the same 
and/or one or more new secure objects, and 

means for transmitting the secure object cont ainin g search 
results to the first location. 

252. A system as in claim 249 further characterized by 
means for associating at least one additional rule and/or control 
with the search results for establishing at least one condition 
related to the use of at least one portion of said search results. 

253. A rights management system comprising protected 
information, at least two protected processing arrangements, and 
a rights management language that allows the expression of 
permitted operations and the consequences of performing such 
operations on at least a portion of the information processed at 
least in part by at least one of the protected processing 
arrangements . 
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254. A rights management method comprising: 
providing protected information for processing by at least 

two protected processing arrangements, and 

expressing, in a rights management language, permitted 
operations and the consequences of performing such operations 
on at least a portion of the information processed at least in part 
by at least one of the protected processing arrangements. 

255. A method of protecting digital information 
characterized by the steps of encrypting at least a portion of the 
information, using a rights management language to describe the 
conditions related to use of the information, distributing at least 
a portion of such information and at least a portion of such rights 
language expressed conditions to one or more recipients, using an 
electronic appliance arrangement including at least one protected 
processing arrangement to securely govern at least a portion of 
the use of such information. 

256. A system for protecting digital information 
characterized by: 

means for encrypting at least a portion of the information, 
means for using a rights management language to describe 
the conditions related to use of the information, 
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means for distributing at least a portion of such 
information and at least a portion of such rights language 
expressed conditions to one or more recipients, and 

an electronic appliance arrangement including at least one 
protected processing arrangement for securely governing at least 
a portion of the use of such information. 

257. A distributed digital information management system 
comprising software components, a rights management language 
for expressing processing relationships between two or more of 
the software components, protected processing means for at least 
a portion of the software components and at least a portion of the 
rights management expressions, means for protecting content, 
means for creating software objects that relate protected content 
to rights management expressions, and means for delivering 
protected content, rights management expressions, and such 
software objects from a providing location to a user's location. 

258. A distributed digital information management 
method comprising: 

expressing, in a rights management language, processing 
relationships between two or more of the software components, 

processing, within at least one protected environment, at 
least a portion of the software components and at least a portion 
of the rights management expressions, 
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protecting content, 

creating software objects that relate protected content to 
rights management expressions, and 

delivering protected content, rights management 
expressions, and such software objects from a providing location 
to a user's location. 

259. An authentication system comprising at least two 
electronic appliances, at least two digital certificates reflecting 
identity information encrypted using different certifying private 
keys where such certificates are stored in a first electronic 
appliance, communications means for transmitting and receiving 
signals between electronic appliances, means for determining 
compromised and/or expired certifying private keys operatively 
connected to a second electronic appliance, means for the second 
electronic appliance to request transmission of one of the digital 
certificates from the first electronic appliance based at least in 
part on such determination, and means operatively connected to 
such second electronic appliance for decrypting such certificate 
and deter minin g such certificate's validity and/or the validity of 
identity information. 

260. In a system comprising at least two electronic 
appliances, an authenticating method comprising: 
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issuing at least two digital certificates reflecting 
identification information, including the step of encrypting the 
two certificates using different certifying private keys, 

storing the certificates in a first electronic appliance, 
transmitting and receiving signals between electronic 
appliances, 

determining compromised and/or expired certifying private 
keys operatively connected to a second electronic appliance, 

requesting, with the second electronic appliance, 
transmission of one of the digital certificates from the first 
electronic appliance based at least in part on such determination, 

decrypting such certificate with the second electronic 
appliance, and 

determining such certificate's validity and/or the validity of 
identity information. 

261. An authentication system comprising at least two 
electronic appliances, at least two digital certificates reflecting 
identify information encrypted using different certifying private 
keys where such certificates are stored in a first electronic 
appliance, co mmuni cations means for transmitting and receiving 
signals between electronic appliances, means for a second 
electronic appliance to request transmission of one of the digital 
certificates from the first electronic appliance wherein the 
selection of which certificate is requested is based at least in part 
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on a random or pseudo-random number, means operatively 
connected to such second electronic appliance for decrypting such 
certificate and determining such certificate's validity and/or the 
validity of identity information. 

262. In a system comprising at least two electronic 
appliances, an authenticating method comprising: 

issuing at least two digital certificates reflecting identify 
information, including the step of encrypting the two digital 
certificates using different certifying private keys, 

storing such certificates in a first electronic appliance, 
transmitting and receiving signals between electronic 
appliances, 

requesting, with a second electronic appliance, 
transmission of one of the digital certificates from the first 
electronic appliance, including the step of selecting a certificate 
based at least in part on a random or pseudo-random number, 

decrypting such certificate with the second electronic 
appliance; and 

determining such certificate's validity and/or the validity of 
identity information. 

263. A method of secure electronic mail characterized by 
the steps of creating at least one electronic message using an 
interoperable protected processing environment, encrypting at 



1019 



„ PCT/US96/02303 

WO 96/27155 



least a portion of said at least one message, securely associating 
one or more sets of control information with one or more 
messages to set at least one condition for the use of said at least 
one message, communicating the protected electronic messages to 
one or more recipients having protected processing environments, 
securely communicating at least one set of the same or differing 
control information to each recipient, enabling recipients of both 
control information and protected messages to use message 
information at least in part in accordance with the conditions 
specified by the control information. 



264. A system for secure electronic mail including multiple 
protected processing environments, the system characterized by: 

a first protected processing environment for creating at 
least one electronic message, the first environment including 
means for encrypting at least a portion of said at least one 
message, means for securely associating one or more sets of 
control information with one or more messages to set at least one 
condition for the use of said at least one message, and means for 
communicating the protected electronic messages to one or more 
recipients having interoperable protected processing 

environments, 

means for securely communicating at least one set of the 
same or differing control information to each recipient, and 
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means for enabling recipients of both control information 
and protected messages to use message information at least in 
part in accordance with the conditions specified by the control 
information. 

265. A method of information management characterized 
by the steps of protecting content from unauthorized use, 
securely associating enabling control information with at least a 
portion of such protected content wherein such enabling control 
information incorporates information describing how the 
enabling control information may be redistributed, delivering at 
least a portion of the protected content to a first user, delivering 
such enabling control information to such first user, receiving a 
request to redistribute such enabling control information from 
such first user, using the description of how enabling control 
information may be redistributed to create new enabling control 
information where such new enabling control information may be 
the same or different than the enabling control information 
received by such first user, delivering the new enabling control 
information and/or protected information to a second user. 

266. An information management system characterized 

by: 

means for protecting content from unauthorized use, 



1021 



PCT/US96/02303 

96/27155 

means for securely associating enabling control 
information with at least a portion of such protected content, 
including means for incorporating enabling control information 
describing how the enabling control information may be 
redistributed, 

means for delivering at least a portion of the protected 

content to a first user, 

means for delivering such enabling control information to 

such first user, 

means for receiving a request to redistribute such enabling 
control information from such first user, 

means for using the description of how enabling control 
information may be redistributed to create new enabling control 
information where such new enabling control information may be 
the same or different than the enabling control information 
received by such first user, and 

means for delivering the new enabling control information 
and/or protected information to a second user. 

267. A method of controlling redistribution of distributed 
digital information including the steps of encrypting digital 
information, distributing said encrypted digital information from 
a first party to a second party, establishing control information 
regarding the redistribution of at least a portion of said encrypted 
digital information from said second party to at least one third 
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party, regulating the redistribution of said at least a portion of 
said encrypted digital information through the use of a protected 
processing environment processing said control information. 

268. A system for controlling redistribution of distributed 
digital information including: 

means for encrypting digital information, 

means for distributing said encrypted digital information 

from a first party to at least one second party, 

means for establishing control information regarding the 

redistribution of at least a portion of said encrypted digital 

information from said second party to at least one third party, 

and 

a protected processing environment for processing said 
control information and for regulating the redistribution of said 
at least a portion of said encrypted digital information. 

269. A method of controlling a robot characterized by the 
steps of creating instructions for one or more robots, creating a 
secure container incorporating such instructions, associating 
control information with such secure container, incorporating at 
least one secure processing unit into such one or more robots, and 
performing at least a portion of such instructions in accordance 
with at least a portion of such control information. 
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270. A method as in claim 267 further characterized in 
that such control information includes information describing the 
conditions under which such instructions may be used and the 
nature of audit reports required when such instructions are 
performed. 

271. A robot control system characterized by: 
means for creating instructions for one or more robots, 
means for creating a secure container incorporating such 

instructions, 

means for associating control information with such secure 
container, 

means for incorporating at least one secure processing unit 
into such one or more robots, and 

means for perfor min g at least a portion of such instructions 
in accordance with at least a portion of such control information. 

272. A system as in claim 269 further characterized by 
means for creating such control information, including means for 
describing the conditions under which such instructions may be 
used and the nature of audit reports required when such 
instructions are performed. 

273. A method of detecting fraud in electronic commerce 
characterized by the steps of creating at least one secure 
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container, associating control information with such one or more 
containers including control information requiring that audit 
information be collected and transmitted to an auditing party, 
delivering such one or more containers and such control 
information to at least one user, recording information 
identifying each container and each such user, receiving audit 
information, creating a profile of usage based at least in part on 
such received audit information and/or such control information, 
detecting cases where certain audit information differs at least in 
part from such profile of usage. 

274. A system for detecting fraud in electronic commerce 

characterized by 

means for creating at least one secure container, 

means for associating control information with such one or 

more containers including control information requiring that 

audit information be collected and transmitted to an auditing 

party, 

means for delivering such one or more containers and such 
control information to at least one user, 

means for recording information identifying each container 
and each such user, 

means for receiving audit information, 
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means for creating a profile of usage based at least in part 
on such received audit information and/or such control 
information, and 

means for detecting cases where certain audit information 
differs at least in part from such profile of usage. 

275. A method of detecting fraud in electronic commerce 
characterized by the steps of distributing at least in part 
protected digital information to customers, distributing one or 
more rights to use at least a portion of such digital information 
across an electronic network, allowing a customer to use at least 
a part of said at least in part protected digital information 
through the use of a protected processing environment and at 
least one of said one or more distributed rights, detecting 
unusual usage activity related to use of said digital information. 

276. A system for detecting fraud in electronic commerce 

characterized by 

means for distributing at least in part protected digital 

information to customers, 

means for distributing one or more rights to use at least a 
portion of such digital information across an electronic network, 

a protected processing environment for allowing a 
customer to use at least a part of said at least in part protected 
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digital information through at least one of said one or more 
distributed rights, and 

means for detecting unusual usage activity related to use 
of said digital information. 

277. A programmable component arrangement comprising 
a tamper resistant processing environment including a 
microprocessor, memory, a task manager, memory manager and 
external interface controller, means for loading arbitrary 
components at least in part into the memory, means for initiating 
one or more tasks associated with processing such components, 
means for certifying the validity, integrity and/or trustedness of 
such components, means for creating arbitrary components, 
means for associating arbitrary events with such created 
components, means for certifying the validity, integrity and/or 
trustedness of such created components, and means for securely 
delivering such created components. 

278. In a programmable component arrangement 
comprising a tamper resistant processing environment including 
a microprocessor, memory, a task manager, memory manager 
and an external interface controDer, a processing method 
characterized by the following steps: 

creating arbitrary components, 

associating arbitrary events with such created components, 
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loading the arbitrary components at least in part into the 
memory, 

initiating one or more tasks associated with processing 
such loaded components, 

certifying the validity, integrity and/or trustedness of such 
created components, and 

securely delivering such created components. 

279. A distributed, protected, programmable component 
arrangement comprising at least two tamper resistant processing 
environments including a microprocessor, memory, a task 
manager, memory manager and external interface controller, 
means for loading arbitrary components at least in part into the 
memory, means for initiating one or more tasks associated with 
processing such components, and means for certifying the 
validity, integrity and/or trustedness of such components, said 
arrangement further comprising means for creating arbitrary 
components, means for associating arbitrary events with such 
created components, means for certifying the validity, integrity 
and/or trustedness of such created components, means for 
securely delivering such created components between at least two 
of said at least two tamper resistant processing environments. 

280. In a distributed, protected, programmable component 
arrangement comprising at least two tamper resistant processing 
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environments including a microprocessor, memory, a task 
manager, memory manager and external interface controller, a 
method comprising 

creating arbitrary components, 
certifying the validity, integrity and/or trustedness of such 
components, 

loading arbitrary components at least in part into the 
memory, 

initiating one or more tasks associated with processing 
such components, 

associating arbitrary events with such created components, 

and 

securely delivering such created components between at 
least two of said at least two tamper resistant processing 
environments. 

281. An electronic appliance comprising at least one CPU, 
memory, at least one system bus, at least one protected 
processing environment, and at least one of a Rights Operating 
System or Rights Operating System layer associated with a host 
operating system. 

282. An operating system comprising at least one task 
manager, at least one memory manager, at least one input/output 
manager, at least one protected processing environment, means 
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for detec ting events, means for associating events with rights 
control functions, means for performing rights control functions 
at least in part within such one or more protected processing 
environments. 

283. In an operating system comprising at least one task 
manager, at least one memory manager, at least one input/output 
manager, at least one protected processing environment, an 
operating method comprising: 

detecting events, 

associating events with rights control functions, and 
performing rights control functions at least in part within 
such one or more protected processing environments. 

284. A method of business automation characterized by 
the steps of creating one or more secure containers including 
accounting and/or other administrative information, associating 
control information with such one or more secure containers 
including a description of (a) the one or more parties to whom the 
container may and/or must be delivered and/or (b) the operations 
that one or more parties may and/or must perform with respect to 
such accounting and/or other administrative information, 
delivering one or more of such containers to one or more parties, 
and enabling the description and/or enforcement of at least a 
portion of such control information prior, during and/or 
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information by one or more parties. 

285. A method as in claim 282 where such control 
information further includes at least one requirement that audit 
information be collected and delivered to one or more auditing 
parties, and further includes the step of delivering at least a 
portion of such audit information to one or more parties. 

286. A method as in claim 283 where at least a portion of 
such audit information is automatically processed by at least one 
of such auditing parties, and further includes the step of 
transmitting further accounting, administrative and/or audit 
information to one or more parties that may be the same and/or 
differ from the one or more parties from whom audit information 
was received based at least in part on the receipt and/or content 
of such received audit information. 

287. A method as in claim 282 where at least two of such 
parties are associated with different businesses and/or other 
organizations and such control information includes information 
that at least in part describes an accounting, administrative, 
reporting and/or other audit relationship between such 
businesses and/or other organizations. 
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288. A method as in claim 282, 283, 284, or 285 where 
some or all of such accounting and/or other administrative 
information is included in such control information. 

289. A business automation system characterized by: 
means for creating one or more secure containers including 

accounting and/or other administrative information, 

means for associating, with such one or more secure 
containers, control information including a description of (a) the 
one or more parties to whom the container may and/or must be 
delivered and/or (b) the operations that one or more parties may 
and/or must perform with respect to such accounting and/or other 
administrative information, 

means for delivering one or more of such containers to one 
or more parties, and 

means for enabling the description and/or enforcement of 
at least a portion of such control information prior, during and/or 
subsequent to use of such accounting and/or other administrative 
information by one or more parties. 

290. A system as in claim 287 where the associating 
means further includes means for associating at least one 
requirement that audit information be collected and delivered to 
one or more auditing parties, and the delivering means includes 
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means for delivering at least a portion of such audit information 
to one or more parties. 

291. A system as in claim 288 further including means for 
automatically processing at least a portion of such audit 
information, and the system further includes means for 
transmitting further accounting, administrative and/or audit 
information to one or more parties that may be the same and/or 
differ from the one or more parties from whom audit information 
was received based at least in part on the receipt and/or content 
of such received audit information. 

292. A system as in claim 287 where at least two of such 
parties are associated with different businesses and/or other 
organizations and the associating means includes means for 
generating control information including information that at 
least in part describes an accounting, administrative, reporting 
and/or other audit relationship between such businesses and/or 
other organizations. 

293. A system as in claim 286, 287, 288, or 290 where 
some or all of such accounting and/or other a dminis trative 
information is included in such control information. 
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294. A method of distributing content characterized by the 
steps of creating one or more first secure containers, associating 
control information with such first containers including 
information describing the conditions under which some or all of 
the content of such first containers may be extracted, delivering 
at least a portion of such first containers and such control 
information to one or more parties, detecting a request by one or 
more of such parties to extract some or all of the content of such 
first containers, determining if such request is permitted in whole 
or in part by such control information, to the extent permitted by 
such control information creating one or more second secure 
containers in accordance with such request and such control 
information, associating control information with such one or 
more second secure containers based at least in part on control 
information associated with such first containers. 

295. A system for distributing content characterized by: 
means for creating one or more first secure containers, 
means for associating control information with such first 

containers including information describing the conditions under 
which some or all of the content of such first containers may be 
extracted, 

means for delivering at least a portion of such first 
containers and such control information to one or more parties, 
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means for detecting a request by one or more of such 
parties to extract some or all of the content of such first 
containers, 

means for dete rmining if such request is permitted in 
whole or in part by such control information, to the extent 
permitted by such control information creating one or more 
second secure containers in accordance with such request and 
such control information, and 

means for associating control information with such one or 
more second secure containers based at least in part on control 
information associated with such first containers. 

296. A method of distributing content characterized by the 
steps of creating one or more first secure containers, associating 
control information with such first secure containers including 
information describing the conditions under which such first 
secure containers (a) may in whole or in part be embedded into 
and/or securely associated with one or more second secure 
containers and/or (b) may allow one or more secure containers to 
be in whole or in part embedded into and/or securely associated 
with such first secure containers, delivering at least a portion of 
such first secure containers and such control information to one 
or more parties, detecting a request by one or more of such 
parties or by additional parties to (a) in whole or in part embed 
into and/or securely associate with such first containers one or 
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more second containers and/or (b) in whole or in part embed into 
and/or securely associate with a secure container such first 
secure containers, determining if such request is permitted by 
control information, to the extent permitted by control 
information performing one or more embedding and/or secure 
association operations, to the extent required by control 
information and/or requested by one or more of such parties, 
modifying and/or creating new control information at least in 
part as a consequence of such one or more embedding and/or 
secure association operations. 

297. A system for distributing content characterized by 
means for creating one or more first secure containers, 
means for associating control information with such first 
secure containers including information describing the conditions 
under which such first secure containers (a) may in whole or in 
part be embedded into and/or securely associated with one or 
more second secure containers and/or (b) may allow one or more 
secure containers to be in whole or in part embedded into and/or 
securely associated with such first secure containers, 

means for delivering at least a portion of such first secure 
containers and such control information to one or more parties, 

means for detecting a request by one or more of such 
parties to (a) in whole or in part embed into and/or securely 
associate with such first containers one or more second 
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containers and/or (b) in whole or in part embed into and/or 
securely associate with a secure container such first secure 
containers, and 

means for determining if such request is permitted by 
control information, to the extent permitted by control 
information perfo rming one or more embedding and/or secure 
association operations, to the extent required by control 
information and/or requested by one or more of such parties, 
modifying and/or creating new control information at least in 
part as a consequence of such one or more embedding and/or 
secure association operations. 

298. A method of distributing information characterized by 
the steps of protecting information from unauthorized use, 
associating control information with such protected information, 
delivering at least a portion of such protected information to one 
or more parties using plural pathways, delivering at least a 
portion of such control information to one or more parties using 
the same or different plural pathways, enabling at least one of 
such parties to make at least some use of such protected 
information delivered using a first pathway in accordance with 
control information at least a portion of which is delivered using 
a second pathway. 
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299. A method as in claim 296 in which at least one of 
such pathways of delivering protected information and/or control 
information is described by such control information. 

300. A system for distributing information characterized 

by: 

means for protecting information from unauthorized use, 

me ans for associating control information with such 
protected information, 

means for delivering at least a portion of such protected 
information to one or more parties using plural pathways, 

means for delivering at least a portion of such control 
information to one or more parties using the same or different 
plural pathways, 

means for enabling at least one of such parties to make at 
least some use of such protected information delivered using a 
first pathway in accordance with control information at least a 
portion of which is delivered using a second pathway. 

301. A system as in claim 298 wherein the delivering 
means includes means for delivering, over at least one of such 
pathways, protected information and/or control information 
described by such control information. 
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302. A method of distributing information characterized by 
the steps of protecting information from unauthorized use, 
associating control information with such protected information 
including information requiring the collection of audit 
information, enabling one or more parties to receive and/or 
process audit information, delivering at least a portion of such 
protected information and such control information to one or 
more parties, enabling at least some use of such protected 
information in accordance with at least a portion of such control 
information that requires the collection of audit information, 
delivering such audit information to one or more of such enabled 
auditing parties different from such delivering party or parties. 

303. A method as in claim 300 in which at least one of 
such auditing parties is specified in such control information. 

304. A system for distributing information characterized 

by 

means for protecting information from unauthorized use, 
means for associating control information with such 

protected information including information requiring the 

collection of audit information, 

means for enabling one or more parties to receive and/or 

process audit information, 
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means for delivering at least a portion of such protected 
information and such control information to one or more parties, 

means for enabling at least some vise of such protected 
information in accordance with at least a portion of such control 
information that requires the collection of audit information, and 

means for delivering such audit information to one or more 
of such enabled auditing parties different from such delivering 
party or parties. 

305. A system as in claim 302 in which at least one of such 
auditing parties is specified in such control information. 

306. A secure component-based operating process 

including: 

(a) retrieving at least one component; 

(b) retrieving a record that specifies a component 
assembly; 

(c) checking said component and/or said record for validity; 

(d) using said component to form said component assembly 
in accordance with said record; and 

(e) performing a process based at least in part on said 
component assembly. 

307. A process as in claim 304 wherein said step (c) 
further comprises executing said component assembly. 
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308. A process as in claim 304 wherein said component 
comprises executable code. 

309. A process as in claim 304 wherein said component 
comprises a load module. 

310. A process as in claim 304 wherein: 
said record comprises: 

(i) directions for assembling said component assembly; 
and 

(ii) information that at least in part specifies a control; 
and 

said process further comprises controlling said step (d) 
and/or said step (e) based at least in part on said control. 

311. A process as in claim 304 wherein said component 
has a security wrapper, and said controlling step comprises 
selectively opening said security wrapper based at least in part 
on said control. 

312. A process as in claim 304 wherein: 

said permissions record includes at least one decryption 
key; and 

said controlling step includes controlling use of said 
decryption key. 
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313. A process as in claim 304 including performing at 
least two of said steps (a) and (e) within a protected processing 
environment. 

314. A process as in claim 304 including performing at 
least two of said steps (a) and (e) at least in part within tamper- 
resistant hardware. 

315. A method as in claim 304 wherein said performing 
step (e) includes metering usage. 

316. A method as in claim 304 wherein said performing 
step (e) includes auditing visage. 

317. A method as in claim 304 wherein said performing 
step (e) includes budgeting usage. 

318. A secure component operating system process 
including: 

receiving a component; 

receiving directions specifying vise of said component to 
form a component assembly; 

authenticating said received component and/or said 
directions; 
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forming, using said component, said component assembly 
based at least in part on said received directions; and 

using said component assembly to perform at least one 
operation. 

319. A method comprising performing the following steps 
within a secure operating system environment: 

providing code; 

providing directions specifying assembly of said code into 
an executable program; 

checking said received code and/or said assembly directors 
for validity; and 

in response to occurrence of an event, assembling said code 
in accordance with said received assembly directions to form an 
assembly for execution. 

320. A method for managing at least one resource with a 
secure operating environment, said method comprising: 

securely receiving a first control from a first entity external 
to said operating environment; 

securely receiving a second control from a second entity 
external to said operating environment, said second entity being 
different from said first entity; 

securely processing, using at least one resource, a data 
item associated with said first and second controls; and 
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securely applying said first and second controls to manage 
said resource for use with said data item. 

321. A method for securely managing at least one 
operation on a data item performed at least in part by an 
electronic arrangement, said method comprising: 

(a) securely delivering a first procedure to said electronic 
arrangement; 

(b) securely delivering, to said electronic arrangement, a 
second procedure separable or separate from said first procedure; 

(c) performing at least one operation on said data item, 
including using said first and second procedures in combination 
to at least in part securely manage said operation; and 

(d) securely conditioning at least one aspect of use of said 
data item based on said delivering steps (a) and (b) having 
occurred. 

322. A method as in claim 319 including performing said 
delivering step (b) at a time different from the time said 
delivering step (a) is performed. 

323. A method as in claim 319 wherein said step (a) 
includes delivering said first procedure from a first source, and 
said step (b) includes delivering said second procedure from a 
second source different from said first source. 
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324. A method as in claim 319 further including ensuring 
the integrity of said first and second procedures. 

325. A method as in claim 319 further including validating 
each of said first and second procedures. 

326. A method as in claim 319 further including 
authenticating each of said first and second procedures. 

327. A method as in claim 319 wherein said using step (c) 
includes executing at least one of said first and second procedures 
within a tamper-resistant environment. 

328. A method as in claim 319 wherein said step (c) 
includes the step of controlling said data item with at least one of 
said first and second procedures. 

329. A method as in claim 319 further including 
establishing a relationship between at least one of said first and 
second procedures and said data item. 

330. A method as in claim 319 further including 
establishing correspondence between said data item and at least 
one of said first and second procedures. 



1045 



WO 96/27155 



PCT/US96/02303 



331. A method as in claim 319 wherein said delivering 
step (b) comprises delivering at least one load module enciypted 
at least in part. 

332. A method as in claim 329 wherein said delivering 
step (a) comprises delivering at least one further load module 
enciypted at least in part. 

333. A method as in claim 319 wherein said delivering 
step (b) comprises delivering at least one content container 
carrying at least in part secure control information. 

334. A method as in claim 319 wherein said delivering 
step (b) comprises delivering a control method and at least one 
further method. 

335. A method as in claim 319 wherein said delivering 
step (a) includes: 

encrypting at least a portion of said first procedure, 

communicating said at least in part encrypted first 
procedure to said electronic arrangement, 

decrypting at least a portion of said first procedure at least 
in part using said electronic arrangement, and 

validating said first procedure with said electronic 
arrangement. 
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336. A method as in claim 319 wherein said delivering 
step (b) includes delivering at least one of said first and second 
procedures within an administrative object. 

337. A method as in claim 319 wherein said delivering 
step (b) includes codelivering said second procedure in at least in 
part encrypted form with said data item. 

338. A method as in claim 319 wherein said performing 
step includes metering usage. 

339. A method as in claim 319 wherein said performing 
step includes auditing usage. 

340. A method as in claim 319 wherein said performing 
step includes budgeting usage. 

341. A method for securely managing at least one 
operation performed at least in part by a secure electronic 
appliance, comprising: 

(a) selecting an item that is protected with respect to at 
least one operation; 

(b) securely independently delivering plural separate 
procedures to said electronic appliance; 
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(c) using said plural separate procedures in combination to 
at least in part securely manage said operation with respect to 
said selected item; and 

(d) conditioning successful completion of said operation on 
said delivering step (b) having occurred. 

342. A method for processing based on deliverables 
comprising: 

securely delivering a first piece of code defining a first part 
of a process; 

separately, securely delivering a second piece of code 
defining a second part of said process; 

ensuring the integrity of the first and second delivered 
pieces of code; and 

performing said process based at least in part on said first 
and second delivered code pieces. 

343. A method as in claim 340 wherein a first piece of code 
for said process at least in part controls decrypting content. 

344. A method as in claim 340 wherein said ensuring step 
includes validating said first and second pieces of code. 
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345. A method as in claim 340 wherein said ensuring step 
includes validating said first and second pieces of code relative to 
one another. 

346. A method as in claim 340 wherein said performing 
step includes metering usage. 

347. A method as in claim 340 wherein said performing 
step includes auditing activities. 

348. A method as in claim 340 wherein said performing 
step includes budgeting usage. 

349. A method as in claim 340 wherein said performing 
step includes electronically processing content based on electronic 
controls. 

350. A method of securely controlling at least one 
protected operation with respect to a data item comprising: 

(a) supplying at least a first control from a first party; 

(b) supplying at least a second control from a second party 
different from said first party; 

(c) securely combining said first and second controls to 
form a set of controls; 
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(d) securely associating said control set with said data 
item; and 

(e) securely controlling at least one protected operation 
with respect to said data item based on said control set. 

351. A method as in claim 348 wherein said data item is 
protected. 

352. A method as in claim 348 wherein at least one of said 
plural controls includes a control relating to metering at least one 
aspect of use of said protected data item. 

353. A method as in claim 348 wherein at least one of said 
plural controls include a control relating to budgeting at least one 
aspect of use of said protected data item. 

354. A secure method for combining data items into a 
composite data item comprising: 

(a) securely providing a first data item having at least a 
first control associated therewith; 

(b) securely providing a second data item having at least a 
second control associated therewith; 

(c) forming a composite of said first and second data 

items; 
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(d) securely combining said first and second controls into a 
composite control set; and 

(e) performing at least one operation on said composite of 
said first and second data items based at least in part on said 
composite control set. 

355. A method as in claim 352 wherein said combining 
step includes preserving each of said first and second controls in 
said composite set. 

356. A method as in claim 352 wherein said performing 
step comprises governing the operation on said composite of said 
first and second data items in accordance with said first control 
and said second control . 

357. A method as in claim 352 wherein said providing step 
includes ensuring the integrity of said association between said 
first controls and said first data item is maintained during at 
least one of transmission, storage and processing of said first 
data item. 

358. A method as in claim 352 wherein said providing step 
comprises delivering said first data item separately from said 
first control . 
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359. A method as in claim 352 wherein said providing step 
comprises codelivering said first data item and said first control . 

360. A secure method for controlling a protected operation 
comprising: 

(a) delivering at least a first control and a second control; 

and 

(b) controlling at least one protected operation based at 
least in part on a combination of said first and second controls, 
including at least one of the following steps: 

resolving at least one conflict between said first and 
second controls based on a predefined order; 

providing an interaction with a user to form said 
combination; and 

dynamically negotiating between said first and second 

controls. 

361. A method as in claim 358 wherein said controlling 
step (b) includes controlling decryption of electronic content. 

362. A method as in claim 358 further including: 
receiving protected electronic content from a party; and 
authenticating the identity of said party prior to using said 

received protected electronic content. 
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363. A secure method comprising: 
selecting protected data; 

extracting said protected data from an object; 
identifying at least one control to manage at least one 
aspect of use of said extracted data; 

placing said extracted data into a further object; and 
associating said at least one control with said farther 

object. 

364. A method as in claim 361 further including limiting 
at least one aspect of use of said further object based on said at 
least one control. 

365. A secure method of modifying a protected object 
comprising: 

(a) providing a protected object; and 

(b) embedding at least one additional element into said 
protected object without unprotecting said object. 

366. A method as in claim 60 further including: 
associating at least one control with said object; and 
limiting usage of said element in accordance with said 

control. 
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367. A method as in claim 363 further including a 
permissions record within said object. 

368. A method as in claim 364 further including at least in 
part encrypting said object. 

369. A method for managing at least one resource with a 
secure operating environment, said method comprising: 

securely receiving a first load module from a first entity 
external to said operating environment; 

securely receiving a second load module from a second 
entity external to said operating environment, said second entity 
being different from said first entity; 

securely processing, using at least one resource, a data 
item associated with said first and second load modules; and 

securely applying said first and second load modules to 
manage said resource for use with said data item. 

370. A method for negotiating electronic contracts, 
comprising: 

receiving a first control set from a remote site; 
providing a second control set; 

performing, within a protected processing environment, an 
electronic negotiation between said first control set and said 
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second control set, including providing interaction between said 
first and second control sets; and 

producing a negotiated control set resulting from said 
interaction between said first and second control sets. 

371. A system for supporting electronic commerce 
including: 

means for creating a first secure control set at a first 
location; 

means for creating a second secure control set at a second 
location; 

means for securely communicating said first secure control 
set from said first location to said second location; and 

means at said second location for securely integrating said 
first and second control sets to produce at least a third control set 
comprising plural elements together comprising an electronic 
value chain extended agreement. 

372. A system for supporting electronic commerce 
including: 

means for creating a first secure control set at a first 
location; 

means for creating a second secure control set at a second 
location; 
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means for securely communicating said first secure control 
set from said first location to said second location; and 

negotiation means at said second location for negotiating 
an electronic contract through secure execution of at least a 
portion of said first and second secure control sets. 

373. A system as in claim 370 further including means for 
controlling use by a user of protected information content based 
on at least a portion of said first and/or second control sets. 

374. A system as in claim 370 further including means for 
charging for at least a part of said content use. 

375. A secure component-based operating system 
including: 

component retrieving means for retrieving at least one 
component; 

record retrieving means for retrieving a record that 
specifies a component assembly; 

checking means, operatively coupled to said component 
retrieving means and said record retrieving means, for checking 
said component and/or said record for validity; 

using means, coupled to said checking means, for using 
said component to form said component assembly in accordance 
with said record; and 
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performing means, coupled to said using means, for 
performing a process based at least in part on said component 
assembly. 

376. A secure component-based operating system 
including: 

a database manager that retrieves, from a secure database, 
at least one component and at least one record that specifies a 
component assembly; 

an authenticating manager that checks said component 
and/or said record for validity; 

a channel manager that uses said component to form said 
component assembly in accordance with said record; and 

an execution manager that performs a process based at 
least in part on said component assembly. 

377. A secure component operating system including: 
means for receiving a component; 

means for receiving directions specifying use of said 
component to form a component assembly; 

means, coupled to said receiving means, for authenticating 
said received component and/or said directions; 

means, coupled to said authenticating means, for forming, 
using said component, said component assembly based at least in 
part on said received directions; and 
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means, coupled to said forming means, for using said 
component assembly to perform at least one operation. 

378. A secure component operating environment 
including: 

a storage device that stores a component and directions 
specifying use of said component to form a component assembly; 

an authenticating manager that authenticates said 
component and/or said directions; 

a channel manager that forms, using said component, said 
component assembly based at least in part on said directions; and 

a channel that executes said component assembly to 
perform at least one operation. 

379. A secure operating system environment comprising: 
a storage device that stores code and directions specifying 

assembly of said code into an executable program; 

a validating device that checks said received code and/or 
said assembly directors for validity; and 

an event-driven channel that, in response to occurrence of 
an event, assembles said code in accordance with said assembly 
directions to form an assembly for execution. 

380. A secure operating environment system for managing 
at least one resource comprising: 
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a communications arrangement that securely receives a 
first control from a first entity external to said operating 
environment, and securely receives a second control from a 
second entity external to said operating environment, said second 
entity being different from said first entity; and 

a protected processing environment, coupled to said 
communications arrangement, that: 

(a) securely processes, using at least one resource, a data 
item associated with said first and second controls, and 

(b) securely applies said first and second controls to 
manage said resource for use of said data item. 

381. A system for negotiating electronic contracts, 
comprising: 

a storage arrangement that stores a first control set 
received from a remote site, and stores a second control set; 

a protected processing environment, coupled to said 
storage arrangement, that: 

(a) performs an electronic negotiation between said 
first control set and said second control set, 

(b) provides interaction between said first and 
second control sets, and 

(c) produces a negotiated control set resulting from 
said interaction between said first and second control sets. 
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382. A system as in claim 379 further including means for 
electronically enforcing said negotiated control set. 

383. A system as in claim 379 further including means for 
generating an electronic contract based on said negotiated control 
set. 

384. A method for supporting electronic commerce 
including: 

creating a first secure control set at a first location; 

creating a second secure control set; 

electronically negotiating, at said location different from 
said first location, an electronic contract, including the step of 
securely executing at least a portion of said first and second 
control sets. 

385. An electronic appliance comprising: 
a processor; and 

at least one memory device connected to said processor; 
wherein said processor includes: 
retrieving means for retrieving at least one component, 
and at least one record that specifies a component assembly, from 
said memory device, 

chec kin g means coupled to said retrieving means for 
checking said component and/or said record for validity, and 
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tising means coupled to said retrieving means for using 
said component to form said component assembly in accordance 
with said record. 

386. An electronic appliance comprising: 
at least one processor; 

at least one memory device connected to said processor; 

and 

at least one input/output connection operatively coupled to 
said processor, 

wherein said processor at least in part executes a rights 
operating system to provide a secure operating environment 
within said electronic appliance. 

387. An electronic appliance as in claim 384 wherein said 
processor includes means for providing a channel, said channel 
assembling independently deliverable components into a 
component assembly and executing said component assembly. 

388. An electronic appliance as in claim 384 further 
including a secondary storage device coupled to said processor, 
said secondary storage device storing a secure database, said 
processor including means for decrypting information obtained 
from said secure database and for encrypting information to be 
written to said secure database. 
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389. An electronic appliance as in claim 384 wherein said 
processor and said memory device are disposed in a secure, 
tamper-resistance encapsulation. 

390. An electronic appliance as in claim 384 wherein said 
processor includes a hardware encryptor/decryptor. 

391. An electronic appliance as in claim 384 wherein said 
processor includes a real time clock. 

392. An electronic appliance as in claim 384 wherein said 
processor includes a random number generator. 

393. An electronic appliance as in claim 384 wherein said 
memory device stores audit information. 

394. A method for auditing the use of at least one resource 
with a secure operating environment, said method comprising: 

securely receiving a first control from a first entity external 
to said operating environment; 

securely receiving a second control from a second entity 
external to said operating environment, said second entity being 
different from said first entity; 

using at least one resource; 
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securely sending to said first entity in accordance with said 
first control, first audit information concerning use of said 
resource; and 

securely sending to said second entity in accordance with 
said second control, second audit information concerning use of 
said resource, said second audit information being at least in part 
different from said first audit information. 

395. A method for auditing the use of at least one resource 
with a secure operating environment, said method comprising: 

securely receiving first and second control alternatives 
from an entity external to said operating environment; 

selecting one of said first and second control alternatives; 

using at least one resource; 

if said first control alternative is selected by said selecting 
step, securely sending to said entity in accordance with said first 
control alternative, first audit information concerning use of said 
resource; and 

if said second control alternative is selected by said 
selecting step, securely sending to said second entity in 
accordance with said second control alternative, second audit 
information concerning use of said resource, said second audit 
information being at least in part different from said first audit 
information. 
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396. A method and/or system for enabling a sale of 
protected digital information that has been previously distributed 
to users, the method or system being characterized by a secure 
element that selectively controls access to the protected digital 
information based on electronic controls associated with the 
information. 

397. A distributed, secure electronic point of sale system or 
method characterized by a secure processing element for 
selectively releasing goods and/or services in exchange for 
compensation. 

398. In a distributed digital network, an advertising 
method characterized by the steps of tracking usage of digital 
information that has associated with it one or more controls with 
respect to access to and/or usage of said information; and 
targeting advertising messages based at least in part on said 
tracking. 

399. A distributed electronic advertising system 
characterized in that the system uses a distributed network of 
interoperable protected processing environments to at least in 
part deliver advertising to users. 
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400. A distributed, secure, virtual black box comprised of 
nodes located at VDE content container creators, other content 
providers, client users, and recipients of secure VDE content 
usage information) site, the nodes of said virtual black box 
including a secure subsystem having at least one secure 
hardware element such as a semiconductor element or other 
hardware module for securely executing VDE control processes, 
said secure subsystems being distributed at nodes along a 
pathway of information storage, distribution, payment, usage, 
and/or auditing. 

401. A protected processing system or method providing 
multiple currencies and/or payment arrangements for the secure 
processing and releasing of protected digital information. 

402. A distributed secure method or system characterized 
in that a user's age is used as a criteria for electronically, 
securely releasing information and/or resources to the user. 

403. A method of renting an electronic appliance defining 
a secure processing environment. 

404. A virtual distribution environment providing any one 
or more of the following features and/or elements and/or 
combinations thereof: 
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a configurable protected, distributed event management 
system; and/or 

a trusted, distributed transaction and storage management 
arrangement; and/or 

plural pathways for providing information, for control 
information, and/or for reporting; and/or 

multiple payment methods; and/or 

multiple currencies; and/or 

EDI; and/or 

Electronic banking; and/or 
electronic document management; and/or 
electronic secure communication; and/or 
e-mail; and/or 

distributed asynchronous reporting; and/or 

combination asynchronous and online management; and/or 

privacy control by users; and/or 

testing; and/or 

using age as a class; and/or 

appliance control (renting, etc); and/or 

telecommunications infrastructure; and/or 

games management; and/or 

extraction of content from an electronic container; and/or 
embedding of content into an electronic container; and/or 
multiple certificate to allow for breach of a key; and/or 
virtual black box; and/or 
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independence of control information from content; and/or 
multiple, separate, simultaneous control sets for one digital 

information property; and/or 

updating control information for already distributed digital 

information; and/or 

organization information management; and/or 
coupled external and organization internal chain of 

handling and control; and/or 

a content usage consequence management system 

(reporting, payment, etc., multiple directions); and/or 

a content usage reporting system providing differing audit 

information and/or reduction going to multiple parties holding 

rights in content; and/or 

an automated remote secure object creation system; and/or 
infrastructure background analysis to identify improper 

use; and/or 

seniority of control information system; and/or 

secure distribution and enforcement of rules and controls 

separately from the content they apply to; and/or 

redistribution management by controlling the rights and/or 

number of copies and or pieces etc. that may be redistributed; 

and/or 

an electronic commerce taxation system; and/or 
an electronic shopping system; and/or 
an electronic catalog system; and/or 
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a system handling electronic banking, electronic shopping, 
and electronic content usage management; and/or 

an electronic commerce multimedia system; and/or 

a distributed, secure, electronic point of sale system; and/or 

advertising; and/or 

electronics rights management; and/or 

a distributed electronic commerce system; and/or 

a distributed transaction system or environment; and/or 

a distributed event management system; and/or 

a distributed right systems. 

405. A Virtual Distribution Environment substantially as 
shown in Figure 1. 

406. An "Information Utility" substantially as shown in 
Figure 1A. 

407. A chain of handling and control substantially as 
shown in Figure 1. 

408. Persistent rules and control information substantially 
as shown in Figure 2A. 

409. A method of providing different control information 
substantially as shown in Figure 1. 
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410. Rules and/or control information substantially as 
shown in Figure 4. 

411. An object substantially as shown in Figures 5A and 

5B. 

412. A Secure Processing Unit substantially as shown in 
Figure 6. 

413. An electronic appliance substantially as shown in 
Figure 7. 

414. An electronic appliance substantially as shown in 
Figure 8. 

415. A Secure Processing Unit substantially as shown in 
Figure 9. 

416. A "Rights Operating System" ("ROS") architecture 
substantially as shown in Figure 10. 

417. Functional relationship(s) between applications and 
the Rights Operating System substantially as shown in Figures 
IIA-IIC. 
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418. Components and component assemblies substantially 
as shown in Figures 1 ID- ILL 

419. A Rights Operating System substantially as shown in 
FIGURE 12. 

420. A method of objection creation substantially as shown 
in Figure 12A. 

421. A "protected processing environment" software 
architecture substantially as shown in Figure 13. 

422. A method of supporting a channel substantially as 
shown in Figure 15. 

423. A channel header and channel detail record 
substantially as shown in Figure 15 A. 

424. A method of creating a channel substantially as 
shown in Figure 15B. 

425. A secure data base substantially as shown in Figure 

16. 

426. A logical object substantially as shown in Figure 17. 
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427. A stationary object substantially as shown in 
FIGURE 18. 

428. A travelling object substantially as shown in FIGURE 

19. 

429. A content object substantially as shown in FIGURE 

20. 

430. An administrative object substantially as shown in 
Figure 21. 

431. A method core substantially as shown in Figure 22. 

432. A load module substantially as shown in FIGURE 

23. 

433. A User Data Element (UDE) and/or Method Data 
Element (MDE) substantially as shown in FIGURE 24. 

434. Map meters substantially as shown in FIGURES 
25A-25C. 

435. A permissions record (PERC) substantially as shown 
in FIGURE 26. 



1071 



WO 96/27155 



PCTAJS96/02303 



436. A permissions record (PERC) substantially as 
shown in FIGURES 26A and 26B. 

437. A shipping table substantially as shown in FIGURE 

27. 

438. A receiving table substantially as shown in FIGURE 

28. 

439. An administrative event log substantially as shown 
in FIGURE 29. 

440. A method of interrelating and using an object 
registration table, a subject table and a user rights table 
substantially as shown in Figure 30. 

441. A method of using a site record table and a group 
record table to track portions of a secure database substantially 
as shown in FIGURE 34. 

442. A process for updating a secure database 
substantially as shown in FIGURE 35. 

443. A process of inserting new elements into a secure 
database substantially as shown in FIGURE 36. 
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444. A process of accessing elements in a secure database 
substantially as shown in FIGURE 37. 

445. A process of protecting a secure database element 
substantially as shown in FIGURE 38. 

446. A process of backing up a secure database 
substantially as shown in FIGURE 39. 

447. A process of recovering a secure database 
substantially as shown in FIGURE 40. 

448. A process of enabling performing reciprocal methods 
to provide a chain of h andling and control substantially as shown 
in FIGURES 41A-41D. 

449. A "reciprocal" BUDGET method substantially as 
shown in FIGURES 42A-42D. 

450. A reciprocol audit method substantially as shown in 
FIGURES 44A-44C. 

451. A method for controlling release of content or other 
method substantially as shown in any of FIGURES 45-48. 
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452. An event method substantially as shown in 
FIGURES 53A-53B. 

453. A billing method substantially as shown in FIGURE 

53C. 

454. An extract method substantially as shown in 
FIGURE 57A. 

455. An embed method substantially as shown in FIGURE 

57A. 

456. An obscure method substantially as shown in 
FIGURE 58A. 

457. A fingerprint method substantially as shown in 
FIGURE 58B. 

458. A fingerprint method substantially as shown in 
FIGURE 58C. 

459. A meter method substantially as shown in FIGURE 

6. 
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460. A key "convolution" process substantially as shown in 
FIGURE 62. 

461. A process of generating different keys using a key 
convolution process to determine a "true* key substantially as 
shown in FIGURE 63. 

462. A process of initializing protected processing 
environment keys substantially as shown in FIGURES 64 and/or 
65. 

463. A process for decrypting information contained within 
stationary objects substantially as shown in FIGURE 66. 

464. A process for decrypting information contained within 
traveling objects substantially as shown in FIGURE 67. 

465. A process for initializing a protected processing 
environment substantially as shown in FIGURE 68. 

466. A process of downloading firmware into a protected 
processing environment substantially as shown in FIGURE 69. 
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467. Multiple VDE electronic appliances connected together with 
a network or other communications means substantially as 
shown in FIGURE 70. 

468. A portable VDE electronic appliance substantially as 
shown in FIGURE 71. 

469. Top-up" displays that may be generated by the user 
notification and exception interface substantially as shown in 
Figures 72A-72D. 

470. A smart object substantially as shown in FIGURE 73. 

471. A method of processing smart objects substantially as 
shown in FIGURE 74. 

472. Electronic negotiation substantially as shown in any 
of FIGURES 75A-75D. 

473. An electronic agreement substantially as shown in 
FIGURES 75E-75F. 

474. Electronic negotiation processes substantially as 
shown in any of FIGURES 76A-76B. 
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475. A chain of handling and control substantially as 
shown in FIGURE 77. 

476. A VDE 'repository" substantially as shown in 
FIGURE 78. 

477. A process of using a chain of handling and control to 
evolve and transform VDE managed content and control 
information substantially as shown in any or all of FIGURES 
79-83. 

478. A chain of handling and control involving several 
categories of VDE participants substantially as shown in 
FIGURE 84. 

479. A chain of distribution and handling within an 
organization substantially as shown in FIGURE 85. 

480. A chain of han dling and control substantially as 
shown in Figures 86 and/or 86A. 

481. A virtual silicon container model substantially as 
shown in Figure 87. 
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482. A method of business automation characterized by 
the steps of (a) creatings one or more secure containers including 
encrypted accounting and/or other administrative information 
content, (b) associating control information with one or more of 
such one or more secure containers including a description of (i) 
the one or more parties whom may use one or more of the one or 
more containers, and (ii) the operations that will be performed for 
one or more parties with respect to such accounting and/or other 
administrative information, (c) electronically delivering one or 
more of such one or more containers such to one or more parties, 
and (d) enabling through the use of a protected processing 
environment the enforcement of at least a portion of such control 
information. 

483. A business automation system characterized by: 
means for providing at least one secure container including 

administrative information content having control information 
associated therewith, and 

a protected processing environment for enforcing, at least 
in part, the control information. 

484. A business automation system comprising (a) 
distributed, interoperable protected processing environment 
installations, (b ) secure containers for distribution of digital 
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information, (c) control information supporting the automation of 
chain of handling and control functions. 

485. A method of business automation characterized by 
the steps of providing interoperable protected processing 
environment nodes to plural parties, communicating first 
encrypted digital information from a first party to a second party, 
communicating second encrypted digital information including at 
least a portion of said first communicated digital information 
and/or information related to the use of said first digital 
information, to a third party different from said first or second 
parties, wherein use of said second encrypted digital information 
is regulated, at least in part, by an interoperable protected 
processing environment available to said third party. 

486. A business automation system characterized by: 
plural protected processing environment nodes, 

means for co mmunic ating digital information between the 
nodes, and 

wherein at least one of the nodes includes means for 
regulating the use of said communicated digital information. 

487. A method for chain of handling and control 
characterized by the steps of (a) a first party placing protected 
digital information into a first software container and stipulating 
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rules and controls governing use 0 f at least a portion of said 
digital information, (b) providing said software container to a 
second party, wherein said second party places said software 
container into a further software container and stipulates rules 
and controls for at least in part managing use of at least a portion 
of said digital information and/or said first software container by 
a third party. 

488. A chain of handling and control system characterized 

by: 

means for placing digital information into a first software 
container and for stipulating rules and/or controls governing use 
of at least a portion of said digital information, and 

means for placing said software container into a further 
software container and for stipulating further rules and/or 
controls for at least in part managing use of at least a portion of 
said digital information and/or said first software container. 

489. A system for chain of handling and control including 
(a) a first container containing at least in part protected digital 
information, (b) at least in part protected control information 
stipulated by a first party establishing conditions for use of at 
least a portion of said digital content, (c) a second container 
different from said first container, said second container 
containing said first container, (d) control information stipulated 
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independently by a second party for at least in part setting 
conditions for managing use of the contents of said second 
container. 

490. A system for electronic advertising including: (a) 
means to provide digital information to users for their use, (b) 
means to provide advertising content to said users in 
combination with said digital information, (c) means to audit use 
of said digital information, (d) means to securely acquire usage 
information regarding use of advertising content, (e) means to 
securely report information based upon said advertising content 
usage information, (f) compensating at least one content provider 
at least in part based upon use of said advertising content. 

491. A method for electronic advertising characterized by 
the steps of (a) placing digital information into a container, (b) 
associating advertising information with at least a portion of said 
digital information, (c) securely providing said container to a 
container user, (d) monitoring user viewing of advertising 
information, and (d) receiving payment from an advertiser, 
wherein said payment is related to user viewing of said 
advertising information. 

492. A system for electronic advertising involving (a) 
means to containerize digital information including both content 
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and advertising information, (b) means to monitor viewing of at 
least a portion of said advertising information, (c) means to 
charge for user viewing of at least a portion of said advertising 
information, (d) means to securely communicate information 
based upon said viewing in a secure container, and (e) control 
information related to said containerized digital information for 
managing the communication of said information based upon 
said viewing. 

493. A method for electronic advertising characterized by 
the steps of (a) containerizing digital information including both 
content and advertising information, (b) monitoring user viewing 
of at least a portion of said advertising information, (c) charging 
for user viewing of at least a portion of said advertising 
information, (d) securely communicating information based upon 
said viewing in a secure container, and (e) at least in part 
managing, through the use of control information related to said 
advertising information, the communication of information based 
upon said viewing. 

494. A method of clearing transaction information 
characterized by the steps of (a) securely distributing digital 
information to a first user of an interoperable protected 
processing environment, (b) securely distributing further digital 
information to a user of an interoperable protected processing 
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environment different from said at first user (c) receiving 
information related to usage of said digital information, (d) 
receiving information related to usage of said further digital 
information, and (e) processing information received according to 
steps (c) and (d) to perform at least one of (I) an administrative, 
or (II) an analysis, function. 

495. A system for clearing transaction information 
including (a) a first container containing at least in part 
protected digital information and associated control information, 

(b) a second secure container containing further at least in part 
protected digital information and associated control information, 

(c) means to distribute said first and second containers to users, 

(d) communication means for communicating information at least 
in part derived from user usage of said first container digital 
information, (e) communication means for communicating 
information at least in part derived from user usage of said 
second container digital information, (f) processing means at a 
clearinghouse site for receiving the information communicated 
through steps (d) and (e), wherein said processing means perform 
administrative and/or analysis processing of at least a portion of 
said co mmuni cated information. 

496. A method for clearinghouse analysis characterized by 
the steps of: (a) enabling plural independent clearinghouses for 
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administrating and/or analyzing usage of distributed, at least in 
part protected, digital information, (b) providing interoperable 
protected processing environments to plural, independent users, 
and (c) enabling a user to select a clearinghouse for use with an 
interoperable protected processing environment 

497. A system for clearinghouse analysis including (a) 
plural independent clearinghouses for administrating and/or 
analyzing usage of distributed, at least in part protected, digital 
information, (b) at least one interoperable protected processing 
environments at each of plural user locations, (c) selecting means 
for enabling a user to select one of said plural independent 
clearinghouse to perform payment and/or analysis functions 
related to the use of at least a portion of said at least in part 
protected, digital information. 

498. A method of electronic advertising characterized by 
the steps of 

creating one or more electronic advertisements, creating 
one or more secure containers including at least a portion of such 
advertisements, 

associating control information with such advertisements 
including control information describing at least one of: (a) 
reporting at least some advertisement usage information to one 
or more content providers, advertisers and/or agents, (b) 
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providing one or more credits to a user based on such user's 
viewing and/or other usage of such advertisements, (c ) reporting 
advertisement usage information to one or more market analysts, 
(d) providing a user with ordering information for and/or means 
for ordering one or more products and/or services, and/or (e) 
providing one or more credits to a content provider based on one 
or more users' viewing and/or other usage of such 
advertisements, 

providing such containers and such control information to 

one or more users, 

enabling such users to use such containers at least in part 
in accordance with such control information. 

499. A system for electronic advertising including (a) 
means to provide digital information to users for their use, (b) 
means to provide advertising content to said users in 
combination with said digital information, (c ) means to audit use 
of said digital information, (d) means to acquire usage 
information regarding use of advertising content, (e) means to 
securely report information based upon said advertising content 
usage information, and (f) compensating at least one content 
provider at least in part based upon use of such advertising 
content. 
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500. A system for chain of handling and control including 
(a) a first container containing at least in part protected digital 
information, (b) at least in part protected control information 
stipulated by a first party establishing condition for use of at 
least a portion of said digital content, (c ) a second container 
different from said first container, said second container 
containing said first container, and (d) control information 
stipulated independently by a second party for at least in part 
setting conditions for managing use of the contents of said second 
container. 

501. A method of operating a clearinghouse characterized 
by the steps of receiving usage information related at least in 
part to use of secure containers from plural parties, determining 
payments due to one or more parties based at least in part on 
such usage information, performing and/or causing to be 
performed transactions resulting in payments to such parties 
based at least in part on such determinations. 

502. An electronic clearinghouse comprising: 

means for receiving usage information related at least in 
part to use of secure containers from plural parties, 

means for determining payments due to one or more 
parties based at least in part on such usage information, 
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means for performing and/or causing to be performed 
transactions resulting in payments to such parties based at least 
in part on such determinations. 

503. A method of operating a clearinghouse characterized 
by the steps of receiving usage information related at least in 
part to use of secure containers from plural parties, determining 
reports of usage for one or more parties based at least in part on 
such usage information, creating and/or causing to be created 
reports of usage based at least in part on such determination, 
delivering at least one of such reports to at least one of such 
parties. 

504. A method of operating a clearinghouse characterized 
by the steps of receiving permissions and/or other control 
information from one or more content providers including 
information that enables delivery of at least one right in at least 
one secure container to other parties, receiving requests from 
plural parties for one or more rights in one or more secure 
containers, delivering permissions and/or other control 
information to such parties based at least in part on such 
requests. 

505. A method of operating a clearinghouse characterized 
by the steps of receiving information from one or more parties 
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establishing a party's identity information, creating one or more 
electronic representations of at least a portion of such identity 
information for use in enabling and/or withholding at least one 
right in at least one secure container, performing an operation to 
certify such electronic representations, delivering such electronic 
representations to such party. 

506. A method of operating a clearinghouse characterized 
by the steps of receiving a request for credit from a party for use 
with secure containers, determining an amount of credit based at 
least in part on such request, creating control information related 
to such an amount, delivering such control information to such 
user, receiving usage information related to use of such credit, 
performing and/or causing to be performed at least one 
transaction associated with collecting payment from such user. 

507. A method for contributing secure control information 
with respect to an electronic value chain wherein control 
information is contributed by a party not directly participating in 
said value chain, comprising steps of: aggregating said 
contributed control information with control information 
associated with digital information stipulated by one or more 
parties in an electronic value chain, said aggregate control / 
information at least in part managing conditions related to the 

use of at least a portion of said digital information. 
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508. A method for entering the payment of taxes 
associated with commercial events wherein secure control 
information for automatically governing tax payments for said 
commercial events is contributed by a party comprising steps of: 
aggregating said secure control information with control 
information that has been contributed by a separate party and 
controlling at least one condition for use of digital information. 

509. A method for general purpose reusable electronic 
commerce arrangement characterized by the steps of: 

(a) providing component structures, modular methods that 
can be configured together to comprise event controlled 

(b) providing integrateable protected processing 
environments to plural independent users; 

(c) employing secure communications means for 
communicating digital control information between integrateable 
protected processing environments; and 

(d) enabling database managers operably connected to 
said processing environments for storing at least a portion of said 
provided component modular methods. 

510. A system for general purpose, reusable electronic 
commerce including: 

(a) component modular methods configured together to 
comprise event control structures; 
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(b) at least one interoperable processing environment at 
each of plural independent user locations; 

(c) secure communications means for communicating 
digital control information between interoperable protected 
processing environments; and 

(d) secured database managers operably connected to said 
protected processing environments for storing at least a portion 
of said component modular methods. 

511. A general purpose electronic commerce credit system 
including: 

(a) a secure interoperable protected processing 
environment; 

(b) general purpose credit control information for 
providing credit for user usage of at least in part protected digital 
information; and 

(c) at least in part protected digital information related 
control information for providing necessary information for 
employing credit through the use, at least in part, of said general 
purpose credit control information. 

512. A method for enabling a general purpose electronic 
commerce credit system including: 

(a) providing secure interoperable protected processing 
environments; 
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(b) supplying general purpose credit control information 
for providing credit for user usage of at least in part protected 
digital information; and 

(c) providing, at least in part, protected digital information 
related control information for providing necessary information 
for employing credit through the use, at least in part, of said 
general purpose credit control information. 

513. A document management system comprising one or 
more electronic appliances containing one or more SPUs and one 
or more secure databases operatively connected to at least one of 
the SPUs. 

514. An electronic contract system comprising one or more 
electronic appliances cont aining one or more SPUs and one or 
more secure databases operatively connected to at least one of 
the SPUs. 

515. An electronic appliance containing at least one SPU 
and at least one secure database operatively connected to at least 
one of the SPU(s). 

516. An electronic appliance containing one or more CPUs 
where at least one of the CPUs is integrated with at least one 
SPU. 
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517. An electronic appliance containing one or more video 
controllers where at least one of the video controllers is 
integrated with at least one SPU. 

518. An electronic appliance containing one or more 
network communications means where at least one of the 
network co mmunic ations means is integrated with at least one 
SPU. 

519. An electronic appliance containing one or more 
modems where at least one of the modems is integrated with at 
least one SPU. 

520. An electronic appliance containing one or more CD- 
ROM devices where at least one of the CD-ROM devices is 
integrated with at least one SPU. 

521. An electronic appliance containing one or more set- 
top controllers where at least one of the set-top controllers is 
integrated with at least one SPU. 

522. An electronic appliance containing one or more game 
systems where at least one of the game systems is integrated 
with at least one SPU. 
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523. An integrated circuit supporting multiple encryption 
algorithms comprising at least one microprocessor, memory, 
input/output means, at least one circuit for encrypting and/or 
decrypting information and one or more software programs for 
use with at least one of the microprocessors to perform encryption 
and/or decryption functions. 

524. An integrated circuit comprising at least one 
microprocessor, memory, at least one real time clock, at least one 
random number generator, at least one circuit for encrypting 
and/or decrypting information and independently delivered 
and/or independently deliverable certified software. 

525. An integrated circuit comprising at least one 
microprocessor, memory, input/output means, a tamper resistant 
barrier and at least a portion of a Rights Operating System. 

526. An integrated circuit comprising at least one 
microprocessor, memory, input/output means, at least one real 
time clock, a tamper resistant barrier and means for recording 
interruption of power to at least one of the real time clocks. 
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